Yinsel975

**Name of the Vulnerable Software and Affected Versions** H3C GR-1100-P versions up to 20230908 H3C GR-1108-P versions up to 20230908 H3C GR-1200W versions up to 20230908 H3C GR-1800AX versions up to 20230908 H3C GR-2200 versions up to 20230908 H3C GR-3200 versions up to 20230908 H3C GR-5200 versions up to 20230908 H3C GR-8300 versions up to 20230908 H3C ER2100n versions up to 20230908 H3C ER2200G2 versions up to 20230908 H3C ER3200G2 versions up to 20230908 H3C ER3260G2 versions up to 20230908 H3C ER5100G2 versions up to 20230908 H3C ER5200G2 versions up to 20230908 H3C ER6300G2 versions up to 20230908 **Description** A vulnerability was found in the file /userLogin.asp of the component Config File Handler, leading to path traversal. The attack can be initiated remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.